Formal Analysis of a Privacy-Preserving Billing Protocol

  • Alessandro Armando
  • Roberto Carbone
  • Alessio Merlo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7823)


We provide a formal model and a security analysis of the Private Billing Protocol. This formal analysis allowed us to spell out precisely the details of the protocol, the security assumptions as well as the expected security goals. For the formal analysis we used SATMC, a model checker for security protocol analysis that supports the specification of security assumptions and goals as LTL formulae. Further analysis that we conducted manually revealed that the protocol allows for implementations that fail to meet the expected privacy goal. We describe the implications of our findings and discuss how the problem can be avoided.


Privacy Smart Meters Billing Protocol Formal Analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Heck, W.: Smart energy meter will not be compulsory. NRC Handelsblad (April 2009)Google Scholar
  2. 2.
    Molina-Markham, A., Danezis, G., Fu, K., Shenoy, P., Irwin, D.: Designing privacy-preserving smart meters with low-cost microcontrollers. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 239–253. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Erkin, Z., Tsudik, G.: Private computation of spatial and temporal power consumption with smart meters. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 561–577. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  4. 4.
    Ács, G., Castelluccia, C.: I have a dream!: differentially private smart metering. In: Filler, T., Pevný, T., Craver, S., Ker, A. (eds.) IH 2011. LNCS, vol. 6958, pp. 118–132. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Jawurek, M., Johns, M., Kerschbaum, F.: Plug-in privacy for smart metering billing. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 192–210. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Armando, A., Compagna, L.: SATMC: a SAT-based model checker for security protocols. In: Alferes, J.J., Leite, J. (eds.) JELIA 2004. LNCS (LNAI), vol. 3229, pp. 730–733. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Armando, A., Carbone, R., Compagna, L.: LTL Model Checking for Security Protocols. In: Journal of Applied Non-Classical Logics, Special Issue on Logic and Information Security, Hermes Lavoisier, pp. 403–429 (2009)Google Scholar
  8. 8.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  9. 9.
    AVANTSSAR. Deliverable 2.1: Requirements for modelling and ASLan v.1 (2008),
  10. 10.
    Armando, A., Arsac, W., Avanesov, T., Barletta, M., Calvi, A., Cappai, A., Carbone, R., Chevalier, Y., Compagna, L., Cuéllar, J., Erzse, G., Frau, S., Minea, M., Mödersheim, S., von Oheimb, D., Pellegrino, G., Ponta, S.E., Rocchetto, M., Rusinowitch, M., Torabi Dashti, M., Turuani, M., Viganò, L.: The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 267–282. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  11. 11.
    Dolev, D., Yao, A.: On the Security of Public-Key Protocols. IEEE Transactions on Information Theory 2(29) (1983)Google Scholar
  12. 12.
    Armando, A., Carbone, R., Compagna, L., Cuellar, J., Abad, L.T.: Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps. In: Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008). ACM Press, Hilton Alexandria Mark Center (2008)Google Scholar
  13. 13.
    Lowe, G.: A Hierarchy of Authentication Specifications. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop (CSFW 1997), pp. 31–43. IEEE Computer Society Press (1997)Google Scholar
  14. 14.
    Armando, A., Compagna, L.: SAT-based Model-Checking for Security Protocols Analysis. International Journal of Information Security 7(1), 3–32 (2008)CrossRefGoogle Scholar
  15. 15.
    Shi, E., Chan, H., Rieffel, E., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: Proc. of the 18th Annual Network and Distributed System Security Symposium (NDS 2011). National Science Foundation Expeditions in Computing (2011)Google Scholar
  16. 16.
    Rial, A., Danezis, G.: Privacy-preserving smart metering. In: Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society (WPES 2011), pp. 49–60. ACM, New York (2011)Google Scholar
  17. 17.
    Chan, T.-H.H., Shi, E., Song, D.: Privacy-preserving stream aggregation with fault tolerance. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 200–214. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Kursawe, K., Danezis, G., Kohlweiss, M.: Privacy-friendly aggregation for the smart-grid. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 175–191. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    Turuani, M.: The CL-Atse Protocol Analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Basin, D., Mödersheim, S., Viganò, L.: OFMC: A symbolic model checker for security protocols. International Journal of Information Security 4(3), 181–208 (2005)CrossRefGoogle Scholar
  21. 21.
    Anantharaman, S., Lin, H., Lynch, C., Narendran, P., Rusinowitch, M.: Unification modulo homomorphic encryption. In: Ghilardi, S., Sebastiani, R. (eds.) FroCoS 2009. LNCS, vol. 5749, pp. 100–116. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Alessandro Armando
    • 1
    • 2
  • Roberto Carbone
    • 2
  • Alessio Merlo
    • 1
    • 3
  1. 1.DIBRISUniversità degli Studi di GenovaItaly
  2. 2.Security & Trust UnitFBK-irstTrentoItaly
  3. 3.Università e-CampusItaly

Personalised recommendations